Feeds

Malware hitches a ride on digital devices

In the frame

Beginner's guide to SSL certificates

Keeping malicious code off of consumer products is a serious issue, said Larry Landry, a software expert and digital-picture frame expert at Eastman Kodak. Landry was frank about the chances of any manufacturer eliminating the risk of accidental infection: A company cannot rule out an infection in the factory, but it can make the probability of such an incident very unlikely, he said.

"Kodak works very closely with our suppliers to see that they have the latest version of antivirus software on the manufacturing systems," Landry said. "We also ask that any PCs in the factory are not connected to the Internet."

Kodak is not among the manufacturers whose products were allegedly compromised by the Trojan horse program.

Following the report of an infected digital photo frame on Christmas Day, the Internet Storm Center called for more information and turned a single incident into a steady drip, if not a flood, of anecdotes from consumers. Other devices that reportedly came with a viral hitchhikers included hard drives, MP3 players and music-playing sunglasses.

While a compromise at the manufacturer is the most likely scenario, ISC's Sachs also pointed to retailers as a possible point of infection. Returned products, which could have been infected by the consumer, are frequently put back on the shelf, if they are in sale-able condition, and attackers could take advantage of a store's poor digital hygiene, he said.

"Trying to (infect a product) all the way back at the factory - getting it through all the checks and balances -- would be pretty hard to do," he said. "But doing it at the store, where there might be loose return policies, and (where) they put it back on the shelf - you are not going to get a million infections, but you might get a person from an investment bank next door."

Yet, among the major threats to consumers' PCs and data, infection by a consumer product is a relatively minor one, said Mikko Hyppönen, chief research officer for antivirus firm F-Secure, adding: "It'll happen."

Consumers will have to be careful with any device that can be connected to a PC, including USB thumb drives, GPS devices, mobile phones, video players, set top boxes, portable hard drives, memory card readers, and eventually even microwave ovens and other appliances, he said.

Wal-Mart, the owner of Sam's Club, told the ISC that its security team had randomly checked several dozen picture frames and did not find additional infections, Sachs said. A representative of Wal-Mart reached by SecurityFocus could not immediately comment on the issue.

This article originally appeared in Security Focus.

Copyright © 2008, SecurityFocus

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.